From 1bd0d12bcbf4f51bd78c60d5bae01f1ff38c5a84 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Mon, 14 Jul 2014 14:13:22 +0100 Subject: Fix parsing of mime headers RFC2045 allows parameter values to be quoted; an embedded semicolon must then not terminate the parameter. --- doc/doc-txt/ChangeLog | 2 ++ src/src/mime.c | 15 ++++++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 8dda80a10..770b106a5 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -148,6 +148,8 @@ PP/02 Fix internal collision of T_APL on systems which support RFC3123 by renaming away from it. Addresses GH issue 15, reported by Jasper Wallace. +JH/28 Fix parsing of MIME headers for parameters with quoted semicolons. + Exim version 4.82 ----------------- diff --git a/src/src/mime.c b/src/src/mime.c index 7c6d23df9..2233dacf6 100644 --- a/src/src/mime.c +++ b/src/src/mime.c @@ -391,11 +391,11 @@ int mime_get_header(FILE *f, uschar *header) { /* we have hit a non-whitespace char, start copying value data */ header_value_mode = 2; - /* skip quotes */ - if (c == '"') continue; + if (c == '"') /* flip "quoted" mode */ + header_value_mode = header_value_mode==2 ? 3 : 2; - /* leave value mode on ';' */ - if (c == ';') { + /* leave value mode on unquoted ';' */ + if (header_value_mode == 2 && c == ';') { header_value_mode = 0; }; /* -------------------------------- */ @@ -570,7 +570,12 @@ int mime_acl_check(uschar *acl, FILE *f, struct mime_boundary_context *context, if (strncmpic(mime_parameter_list[j].name,p,mime_parameter_list[j].namelen) == 0) { uschar *q = p + mime_parameter_list[j].namelen; /* yes, grab the value and copy to its corresponding expansion variable */ - while(*q != ';') q++; + while (*q && *q != ';') + { + if (*q == '"') do q++; while (*q != '"'); + q++; + } + param_value_len = (q - (p + mime_parameter_list[j].namelen)); param_value = (uschar *)malloc(param_value_len+1); memset(param_value,0,param_value_len+1); -- cgit v1.2.3